VDB
DEBIAN-CVE-2015-8472
DEBIAN-CVE-2015-8472
PUBLISHED
CVSS 7.300000190734863 HIGH
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Risk Scores
CVSS v3.0
7.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libpng1.6 | 0, 0, 0 |
| Debian:12 | libpng1.6 | 0, 0, 0 |
| Debian:14 | libpng1.6 | 0, 0, 0 |
| Debian:11 | libpng1.6 | 0, 0, 0 |
Timeline
- Jan 21, 2016 CVE Published
- Apr 28, 2026 CVE Updated